Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

In this issue — June 22, 2016

  • DoD to Launch Mega Database for Screening National Security Workers
  • Chinese Economic Cyber-Espionage Plummeting?
  • Program Deterring Nuclear Smuggling Can’t Measure Progress
  • Hacker Pleads Guilty to Giving Stolen U.S. Military Data to ISIS
  • Pentagon Developing Tools to Fight ‘Lone Wolf’ Problem
  • Deloitte: Cyberattack Damages May Cost 20 Times More than Thought
  • Navy Addresses a Top Threat from Russia, China
  • Firm Says ‘Cyber Jihad’ Is Coming
  • West Must Respond to Russia’s Increasing Cyber-Aggression
  • Why BYOD Is a Growing Threat to Business

Pentagon Prepares to Launch Mega Database for Screening National Security Workers (Nextgov.com, 6/20/16)

The Pentagon next month is slated to launch one mega database for investigating the trustworthiness of personnel who could have access to federal facilities and computer systems. The Defense Information System for Security, or DISS, will consolidate two existing tools used for vetting employees and job applicants. The reboot represents a reform spawned by leaks of classified data and shootings on military bases, Defense Department officials say.

DISS will provide “a common, comprehensive medium to request, record, document and identify personnel security actions,” Aaron Siegel, alternate defense Federal Register liaison officer, said in a notification about the addition of the new system of records. An older background check-management tool, the Joint Personnel Adjudication System, will move into DISS and take on a different acronym, JVS, or the Joint Verification System. The current Case Adjudication Tracking system, or CATS, which shares completed investigations with other agencies, also will sit inside the application bundle.

Chinese Economic Cyber-Espionage Plummeting? (Fortune, 6/20/16)

The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete, private U.S. security executives and government advisors said recently. FireEye Inc, the U.S. network security company best known for fighting sophisticated Chinese hacking, said in a report Monday that breaches attributed to China-based groups had plunged by 90% in the past two years.

The most dramatic drop came during last summer’s run-up to the bilateral agreement, the report added.  FireEye’s Mandiant unit in 2013 famously blamed a specific unit of China’s People’s Liberation Army for a major campaign of economic espionage.

Program Deterring Nuclear Smuggling Can’t Measure Progress (DC Free Beacon, 6/20/16)

The federal program responsible for detecting and deterring the international smuggling of nuclear and radiological materials cannot measure its progress, a government watchdog says.  The Nuclear Smuggling Detection and Deterrence program is a key prong of the effort to ensure that terrorists do not get hold of nuclear or radiological materials to create weapons of mass destruction.

The program has spent $1 billion over five years to provide equipment and training to other countries to counter nuclear smuggling.  It plans to spend $809 million over the next five years.  But the GAO concluded in a recent report that the program “cannot measure its progress toward completing key activities” because its current goals are not measurable and do not address all tasks relevant to the program.

Hacker Pleads Guilty to Giving Stolen U.S. Military Data to ISIS (PC Magazine, 6/17/16)

A pro-ISIS hacker last week pleaded guilty to stealing more than 1,000 military personnel files and sharing them with the terrorist group.  According to the Department of Justice, 20-year-old Ardit Ferizi admitted to gaining high-level access to an unnamed U.S. company’s client list last summer.

The Kosovo native provided that data to a member of ISIS, who tweeted the personal details of 1,300 U.S. military personnel in the name of the Islamic State Hacking Division.  Ferizi said he did so with the understanding that the group would use it to “hit them [the U.S.] hard.”

Pentagon Developing Tools to Fight ‘Lone Wolf’ Problem (Defense One, 6/16/16)

Multiple motivations may have been at play in the Orlando killer’s recent attack at the Pulse night club in Orlando.  While it is possible to overstate the influence of the Islamic State, it is impossible to ignore ISIS messaging as at least one contributing factor.

On Tuesday, President Obama said the killer “appears to have absorbed” messages from ISIS, whose propaganda, “videos, their postings are pervasive and more easily accessible than we want.”  If the online world is part of the battlefield, a new Pentagon program is building tools to evaluate how the battle is going.

Deloitte: Cyberattack Damages May Cost 20 Times More than Thought (Luxury Daily, 6/16/16)

The costs most commonly associated with security compromises amount to less than 5% of the business impact, according to Deloitte Advisory.  While the fines, litigation fees, and cost to improve cybersecurity are well-known expenses following a data breach, the loss of intellectual property, increase in insurance premiums, and tarnished customer relations often equate to costs of a much higher magnitude.

Taking a closer look at the associated costs of cyberattacks can help brands ensure they are properly budgeting security expenditures.

******************************************************************************************

How to Achieve a “Superior” Rating on Your Next DSS Inspection

Protecting classified information depends, today more than ever, on the security awareness of employees.   They can literally make or break your security program.  And the stakes have been raised even higher with the DSS Security Rating Matrix, which puts heightened emphasis on employee education and awareness.  In fact, one of the top three deficiencies cited by IS Reps around the country is a “weak security education program.”

So, how can you achieve a “Superior” inspection rating and avoid having to answer for negligent employee behavior?  The secret lies in just three little words: EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next security audit.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve “superior” inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: https://nsi.org/es-connection.html

******************************************************************************************

Navy Addresses a Top Threat from Russia, China (Business Insider, 6/15/16)

Last week, the U.S. Navy announced that the USS Coronado had completed initial operational tests and evaluations with Raytheon’s SeaRAM antiship missile-defense system and, in doing so, answered a big question.  Anti-ship cruise missiles have long been an area of concern for military planners, as China and Russia develop increasingly mature and threatening missiles of that type.

Effectively, Russia’s and China’s anti-ship missiles and air power have the capability to deny U.S. or NATO forces access to strategically important areas, like the South China Sea, the Black Sea, and the Baltics.

Firm Says ‘Cyber Jihad’ Is Coming (CNBC, 6/15/16)

Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.  The goal of the report was to bring awareness to “a hyper-evolving threat,” according to James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and — with plenty of hackers for hire and malware for sale — technical skills are no longer required.  A large-scale attack could be just around the corner, said Scott.